Uploading GeoIP data

I_like_dogs · November 28, 2017, 4:06pm

I uploaded some honeypot data into kibana which works but now I want to add the GeoIP.

I've created the following config file but its not working

input {
file {
path => "/vagrant/headdionaea.csv"
start_position => "beginning"
sincedb_path => "/dev/null"

}
}

filter {
csv {
separator => ","
#connection_type, connection_protocol, protocol, srcip, srcport, dstip, dstport, hostname
columns => ["timestamp","connection_protocol","protocol","srcip","srcport","dstip","dstport","hostname"]
}
date{
match => ["timestamp", "MM/dd/yyyy HH:mm:ss"]
}

geoip {
source => "srcip"
target => "geoip"
database => "/etc/logstash/GeoLiteCity.dat"
add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
}

mutate {
convert => [ "[geoip][coordinates]", "float" ]
}
}

output {
elasticsearch {
hosts => "http://localhost:9200"
index => "honeypotgeo"
}
stdout {}
}

Joe_Fleming · November 28, 2017, 5:44pm

You might want to try this question over in the logstash section, you're more likely to get an answer there.

system · December 26, 2017, 5:44pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.